Current defenses that rely solely on perimeter protection cannot defend agency networks once they’ve been compromised.
The White House will push federal agencies to start moving toward a new "zero trust paradigm," according to Federal Chief Information Security Officer Chris DeRusha.
Zero trust, which assumes networks have already compromised, is not new, but security experts have been calling for wider implementation since the breach involving SolarWinds was discovered. In that attack, adversaries moved unchecked through government networks after their initial entry.
"In this new model, real-time authentication tests users, blocks suspicious activity and prevents adversaries from the kind of privilege escalation that was demonstrated in the SolarWinds incident," DeRusha told lawmakers at the March 18 Homeland Security and Government Affairs Committee.
"Many of the tools we need to implement this model already exist within industry and agency environments, but successful implementation will require a shift in mindset and focus at all levels within federal agencies," he continued.
Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency who testified alongside DeRusha, also suggested the government's failure to catch the intrusion had to do with an over emphasis on network perimeter security and a lack of internal detection methods.
"Part of the challenge is that you can only secure what you can see, and over the past decade our system of protection that has largely relied upon sensors deployed at the perimeters of networks that is designed to be fed by intelligence," about known threats, Wales said. "Our adversaries have advanced, they are no longer using the same infrastructure to target us repeatedly."
He also said CISA will use funding from the American Rescue Act to invest in new tools for endpoint detection tools but that ultimately agencies must find a balance between both forms of security.
"That balance was too far out of whack in the past," he said. "It is too focused on the network and not enough inside of networks at the host. "
This article was first posted to FCW, a sibling site to GCN.
NEXT STORY: Feds lead in DMARC use